Chapter 3. Using Python for Windows and Linux Forensics

In this chapter, we will focus on the parts of a forensic investigation that are specific to the operating system. We chose the most widely used operating systems on desktop and server systems: Microsoft Windows and Linux.

For both operating systems, we selected examples of interesting evidence and how to automate its analysis using Python. Consequently, in this chapter, you will learn the following:

  • Analyzing the foundations of the Windows event log, selecting interesting parts, and automatically parsing them
  • Organizing the Windows Registry and efficiently searching for Indicators of Compromise (IOC)
  • Searching Linux local account information for IOC
  • Understanding, using, and parsing Linux ...
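The third bullet, searching Linux local account information for IOCs, is the kind of task the chapter automates. The following is an added example written for this page in Python, not code from the book: it parses the /etc/passwd and /etc/shadow formats and flags a small selection of classic account anomalies (a second UID 0 account, duplicate UIDs, an empty password hash, a hash kept in the world-readable passwd file, an interactive shell on a system account, a home directory in a world-writable location). The file contents below are constructed sample data so the script runs offline; on a real image you would read the two files from the mounted evidence instead. The rule set and thresholds (UID 1000 as the start of regular users, the shell list) are the author's assumptions for this illustration.

```python
"""Flag common IOCs in Linux local account databases (/etc/passwd, /etc/shadow).

Added example: the sample data below is constructed, not taken from a real host.
"""
import collections

# Constructed /etc/passwd content. Fields: name:passwd:uid:gid:gecos:home:shell
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
games:x:5:60:games:/usr/games:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor:x:0:0::/root:/bin/bash
backup2:x:1000:1000::/tmp:/bin/sh
ftpx:$1$abc$def:1002:1002::/srv/ftp:/bin/sh
"""

# Constructed /etc/shadow content. Only the first two fields (name, hash) are used.
SAMPLE_SHADOW = """\
root:$6$saltsalt$hashhashhash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
games:*:19000:0:99999:7:::
www-data:*:19000:0:99999:7:::
alice:$6$saltsalt$otherhash:19000:0:99999:7:::
toor:$6$saltsalt$anotherhash:19000:0:99999:7:::
backup2::19000:0:99999:7:::
"""

PasswdEntry = collections.namedtuple(
    "PasswdEntry", "name passwd uid gid gecos home shell")

# Assumptions for this example: shells that give an interactive login, and
# directories that any local user can write to.
INTERACTIVE_SHELLS = {"/bin/bash", "/bin/sh", "/bin/zsh", "/bin/dash", "/bin/ksh"}
WORLD_WRITABLE_DIRS = ("/tmp", "/var/tmp", "/dev/shm")
FIRST_REGULAR_UID = 1000


def parse_passwd(text):
    """Return a list of PasswdEntry; malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # a real tool would report malformed lines as findings too
        name, passwd, uid, gid, gecos, home, shell = fields
        try:
            entries.append(PasswdEntry(name, passwd, int(uid), int(gid), gecos, home, shell))
        except ValueError:
            continue  # non-numeric uid/gid: skip for this example
    return entries


def parse_shadow(text):
    """Return a dict mapping account name to its shadow hash field."""
    hashes = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 2 and fields[0]:
            hashes[fields[0]] = fields[1]
    return hashes


def find_account_iocs(passwd_text, shadow_text):
    """Return a list of (account, reason) findings, in passwd order."""
    entries = parse_passwd(passwd_text)
    hashes = parse_shadow(shadow_text)
    uid_owners = collections.defaultdict(list)
    for e in entries:
        uid_owners[e.uid].append(e.name)

    findings = []
    for e in entries:
        if e.uid == 0 and e.name != "root":
            findings.append((e.name, "uid 0 account other than root"))
        owners = uid_owners[e.uid]
        if len(owners) > 1 and owners[0] != e.name:
            findings.append((e.name, "uid %d already used by %s" % (e.uid, owners[0])))
        if e.passwd == "":
            findings.append((e.name, "empty password field in passwd file"))
        elif e.passwd not in ("x", "*", "!", "!!"):
            findings.append((e.name, "password hash stored in passwd file instead of shadow"))
        if hashes.get(e.name) == "":
            findings.append((e.name, "empty password hash in shadow (login without password)"))
        if 0 < e.uid < FIRST_REGULAR_UID and e.shell in INTERACTIVE_SHELLS:
            findings.append((e.name, "interactive shell on system account"))
        if any(e.home == d or e.home.startswith(d + "/") for d in WORLD_WRITABLE_DIRS):
            findings.append((e.name, "home directory in world-writable location"))
    return findings


if __name__ == "__main__":
    for account, reason in find_account_iocs(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print("%-10s %s" % (account, reason))
```

Run against the constructed data, the script reports seven findings spread over four accounts (games, toor, backup2, ftpx) and nothing for root, alice or the nologin service accounts. The checks are deliberately conservative string and integer comparisons so they can be run over files copied out of a disk image without any live-system dependency; deciding which findings are genuine compromise versus local policy (for example a site that legitimately gives a system account a shell) remains the analyst's job.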
